[Japanese]

JVNDB-2008-001043

X.Org Foundation X server buffer overflow vulnerability

Overview

X server provided by the X.Org Foundation contains a buffer overflow vulnerability.

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.

X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.

Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 7.4 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products


Fedora Project
  • Fedora 7
  • Fedora 8
Gentoo Foundation, Inc.
  • Gentoo Linux x11-base/xorg-server 1.3.0.0-r5
  • Gentoo Linux x11-libs/libXfont 1.3.1-r1
IBM Corporation
  • IBM AIX 5.2
  • IBM AIX 5.3
  • IBM AIX 6.1
Mandriva, Inc.
  • Mandriva Linux XFree86 CS3.0
  • Mandriva Linux xorg-x11 CS4.0
OpenBSD
  • OpenBSD 4.1
  • OpenBSD 4.2
openSUSE
  • openSUSE 10.2
  • openSUSE 10.3
SUSE Linux
  • Novell Linux Desktop 9
  • Novell Linux POS 9
  • Open Enterprise Server
  • SLE SDK 10
  • SUSE LINUX 10.1
  • SUSE Linux Enterprise Desktop 10
  • SuSE Linux Enterprise Server 10
  • SuSE Linux Enterprise Server 8
  • SUSE SLES 9
Ubuntu
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • Ubuntu 7.10
X.Org Foundation
  • X.Org X11 1.4 and earlier
XFree86 Project
  • XFree86 4.7.99.14 and earlier
Apple Inc.
  • Apple Mac OS X v10.4.11
  • Apple Mac OS X v10.5.2
  • Apple Mac OS X Server v10.4.11
  • Apple Mac OS X Server v10.5.2
Sun Microsystems, Inc.
  • Sun Solaris 10 (SPARC)
  • Sun Solaris 10 (x86)
  • Sun Solaris 8 (SPARC)
  • Sun Solaris 8 (x86)
  • Sun Solaris 9 (SPARC)
  • Sun Solaris 9 (x86)
Hewlett-Packard Development Company, L.P
  • HP-UX 11.11
  • HP-UX 11.23
  • HP-UX 11.31
MIRACLE LINUX CORPORATION
  • Asianux Server 3 for x86
  • Asianux Server 3 for x86-64
  • MIRACLE LINUX V2.0
  • MIRACLE LINUX V2.1
  • MIRACLE LINUX V3.0
  • MIRACLE LINUX V3.0 for x86-64
  • MIRACLE LINUX V4.0
  • MIRACLE LINUX V4.0 for x86-64
Red Hat, Inc.
  • Red Hat Desktop (v.3)
  • Red Hat Desktop (v.4)
  • Red Hat Enterprise Linux (v.5 server)
  • Red Hat Enterprise Linux AS (v.2.1)
  • Red Hat Enterprise Linux AS (v.3)
  • Red Hat Enterprise Linux AS (v.4)
  • Red Hat Enterprise Linux Desktop (v.5 client)
  • Red Hat Enterprise Linux ES (v.2.1)
  • Red Hat Enterprise Linux ES (v.3)
  • Red Hat Enterprise Linux ES (v.4)
  • Red Hat Enterprise Linux WS (v.2.1)
  • Red Hat Enterprise Linux WS (v.3)
  • Red Hat Enterprise Linux WS (v.4)
  • Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  • RHEL Desktop Workstation (v.5 client)
FUJITSU
  • FUJITSU PC-X

Impact

An attacker with an established, authenticated connection to the X server could execute arbitrary code with the privilege of X server process or cause the server to crash.
Solution

[Update the Software]
Apply the latest updates provided by the vendors.
Vendor Information

Fedora Project Gentoo Foundation, Inc. IBM Corporation
  • IBM Support Document : 4136
Mandriva, Inc. openSUSE SUSE Linux Ubuntu X.Org Foundation XFree86 Project Apple Inc. Sun Microsystems, Inc.
  • Sun Alert Notification : 103192
Hewlett-Packard Development Company, L.P MIRACLE LINUX CORPORATION
  • Asianux Technical Support Network : libXfont-1.2.2-1.0.3AXS3 (Japanese)
  • MIRACLE LINUX Update Information : 1209 (Japanese)
  • MIRACLE LINUX Update Information : 1230 (Japanese)
  • MIRACLE LINUX Update Information : 1347 (Japanese)
Red Hat, Inc. FUJITSU
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-0006
References

  1. JVN : JVN#88935101
  2. National Vulnerability Database (NVD) : CVE-2008-0006
  3. IPA SECURITY ALERTS : Security Alert for X.Org Foundation X Server Vulnerability
  4. US-CERT Cyber Security Alerts : SA08-079A
  5. US-CERT Vulnerability Note : VU#203220
  6. US-CERT Technical Cyber Security Alert : TA08-079A
  7. Secunia Advisory : SA28532
  8. SecurityFocus : 27352
  9. SecurityTracker : 1019232
  10. FrSIRT Advisories : FrSIRT/ADV-2008-0179
  11. JVN iPedia (Japanese) : JVNDB-2008-001043
Revision History

[2008/06/13]
  Web page published
[2008/07/11]
  Affected Products : Added FUJITSU. (JVN#88935101).
  Vendor Information : FUJITSU. (JVN#88935101).
[2008/11/21]
  Affected Products : Added MIRACLE LINUX CORPORATION (1347).
  Affected Products : Added Hewlett-Packard Development Company, L.P (HPSBUX02381).
  Vendor Information : Added MIRACLE LINUX CORPORATION (1347).
  Vendor Information : Added Hewlett-Packard Development Company, L.P (HPSBUX02381).